org.opencms.security
Class CmsAccessControlEntry

java.lang.Object
  org.opencms.security.CmsAccessControlEntry

public class CmsAccessControlEntry
extends java.lang.Object

An access control entry defines the permissions of a user or group for a distinct resource.

Besides the CmsPermissionSet to define the permissions, the access control entry contains the UUID of the resource and of the principal (user or group) who has the defined permissions. Since the principal is identified by its UUID, any other entity may act as principal also.

Additionally, the entry stores various flags:
ACCESS_FLAGS_DELETED indicates that this entry is deleted
ACCESS_FLAGS_INHERIT indicates that this entry should be inherited
ACCESS_FLAGS_OVERWRITE indicates that this entry overwrites inherited settings
ACCESS_FLAGS_INHERITED indicates that this entry is inherited
ACCESS_FLAGS_USER indicates that the principal is a single user
ACCESS_FLAGS_GROUP indicates that the principal is a group

Since:

6.0.0

Version:

$Revision: 1.29 $

Author:

Carsten Weinholz

Field Summary

static int	ACCESS_FLAGS_ALLOTHERS Flag to indicate the principal type 'all others'.
static int	ACCESS_FLAGS_GROUP Flag to indicate the principal type group.
static int	ACCESS_FLAGS_INHERIT Flag to indicate that an access control entry should be inherited.
static int	ACCESS_FLAGS_INHERITED Flag to indicate that an access control entry was inherited (read only).
static int	ACCESS_FLAGS_OVERWRITE Flag to indicate that an access control entry overwrites inherited entries.
static int	ACCESS_FLAGS_OVERWRITE_ALL Flag to indicate the principal type 'overwrite all'.
static int	ACCESS_FLAGS_RESPONSIBLE Flag to indicate that the principal is responsible for the resource.
static int	ACCESS_FLAGS_ROLE Flag to indicate the principal type role.
static int	ACCESS_FLAGS_USER Flag to indicate the principal type user.
static java.util.Comparator	COMPARATOR_ACE ACE comparator.
static java.util.Comparator	COMPARATOR_PRINCIPALS ACE principals comparator.
static CmsUUID	PRINCIPAL_ALL_OTHERS_ID The used id for ace's that apply to all other principals.
static java.lang.String	PRINCIPAL_ALL_OTHERS_NAME The used name for ace's that apply to all other principals.
static CmsUUID	PRINCIPAL_OVERWRITE_ALL_ID The used id for ace's that overwrites all inherited permissions.
static java.lang.String	PRINCIPAL_OVERWRITE_ALL_NAME The used name for ace's that overwrites all inherited permissions.

Constructor Summary

CmsAccessControlEntry(CmsUUID resource, CmsAccessControlEntry base)
Constructor to create a new access control entry for a given resource based on an existing access control entry.

CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, CmsPermissionSet permissions, int flags)
Constructor to create a new access control entry on a given resource and a given principal.

CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, int allowed, int denied, int flags)
Constructor to create a new access control entry on a given resource and a given principal.

CmsAccessControlEntry(CmsUUID resource, CmsUUID principal, java.lang.String acPermissionString)
Constructor to create a new access control entry on a given resource and a given principal.

Method Summary

void	denyPermissions(int denied) Sets the explicitly denied permissions in the access control entry.
boolean	equals(java.lang.Object obj)
int	getAllowedPermissions() Returns the currently allowed permissions as bitset.
int	getDeniedPermissions() Returns the currently denied permissions as bitset.
int	getFlags() Returns the current flags of the access control entry.
java.lang.String	getInheritingString() Returns the string representation of the "inherit" flag.
CmsPermissionSet	getPermissions() Returns the current permission set (both allowed and denied permissions).
CmsUUID	getPrincipal() Returns the principal assigned with this access control entry.
CmsUUID	getResource() Returns the resource assigned with this access control entry.
java.lang.String	getResponsibleString() Returns the string representation of the "responsible" flag.
void	grantPermissions(int allowed) Sets the allowed permissions in the access control entry.
int	hashCode()
boolean	isAllOthers() Checks if the ACCESS_FLAGS_ALLOTHERS flag is set.
boolean	isInherited() Returns if this access control entry has the inherited flag set.
boolean	isInheriting() Returns if this ace is being inherited to the folder subresources.
boolean	isOverwriteAll() Checks if the ACCESS_FLAGS_OVERWRITE_ALL flag is set.
boolean	isResponsible() Returns if the principal is responsible for the current resource.
void	resetFlags(int flags) Resets the given flags in the access control entry.
void	setFlags(int flags) Sets the given flags in the access control entry.
void	setFlagsForPrincipal(I_CmsPrincipal principal) Sets the access flags to identify the given principal type.
void	setPermissions(CmsPermissionSet permissions) Sets the allowed and denied permissions of the access control entry.
java.lang.String	toString() Returns the String representation of this access control entry object.

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Field Detail

ACCESS_FLAGS_ALLOTHERS

public static final int ACCESS_FLAGS_ALLOTHERS

Flag to indicate the principal type 'all others'.

See Also:

Constant Field Values

ACCESS_FLAGS_GROUP

public static final int ACCESS_FLAGS_GROUP

Flag to indicate the principal type group.

See Also:

Constant Field Values

ACCESS_FLAGS_ROLE

public static final int ACCESS_FLAGS_ROLE

Flag to indicate the principal type role.

See Also:

Constant Field Values

ACCESS_FLAGS_INHERIT

public static final int ACCESS_FLAGS_INHERIT

Flag to indicate that an access control entry should be inherited.

See Also:

Constant Field Values

ACCESS_FLAGS_INHERITED

public static final int ACCESS_FLAGS_INHERITED

Flag to indicate that an access control entry was inherited (read only).

See Also:

Constant Field Values

ACCESS_FLAGS_OVERWRITE

public static final int ACCESS_FLAGS_OVERWRITE

Flag to indicate that an access control entry overwrites inherited entries.

See Also:

Constant Field Values

ACCESS_FLAGS_OVERWRITE_ALL

public static final int ACCESS_FLAGS_OVERWRITE_ALL

Flag to indicate the principal type 'overwrite all'.

See Also:

Constant Field Values

ACCESS_FLAGS_RESPONSIBLE

public static final int ACCESS_FLAGS_RESPONSIBLE

Flag to indicate that the principal is responsible for the resource.

See Also:

Constant Field Values

ACCESS_FLAGS_USER

public static final int ACCESS_FLAGS_USER

Flag to indicate the principal type user.

See Also:

Constant Field Values

COMPARATOR_ACE

public static final java.util.Comparator COMPARATOR_ACE

ACE comparator.

Sorts the given list of CmsAccessControlEntry objects.

The 'overwrite all' ace in first place, the 'all others' ace in second place.

COMPARATOR_PRINCIPALS

public static final java.util.Comparator COMPARATOR_PRINCIPALS

ACE principals comparator.

Sorts the given list of CmsAccessControlEntry objects.

The 'overwrite all' ace in first place, the 'all others' ace in second place.

PRINCIPAL_ALL_OTHERS_NAME

public static final java.lang.String PRINCIPAL_ALL_OTHERS_NAME

The used name for ace's that apply to all other principals.

See Also:

Constant Field Values

PRINCIPAL_ALL_OTHERS_ID

public static final CmsUUID PRINCIPAL_ALL_OTHERS_ID

The used id for ace's that apply to all other principals.

PRINCIPAL_OVERWRITE_ALL_NAME

public static final java.lang.String PRINCIPAL_OVERWRITE_ALL_NAME

The used name for ace's that overwrites all inherited permissions.

See Also:

Constant Field Values

PRINCIPAL_OVERWRITE_ALL_ID

public static final CmsUUID PRINCIPAL_OVERWRITE_ALL_ID

The used id for ace's that overwrites all inherited permissions.

Constructor Detail

CmsAccessControlEntry

public CmsAccessControlEntry(CmsUUID resource,
                             CmsAccessControlEntry base)

Constructor to create a new access control entry for a given resource based on an existing access control entry.

Parameters:

resource - the resource

base - the base for the created access control entry

CmsAccessControlEntry

public CmsAccessControlEntry(CmsUUID resource,
                             CmsUUID principal,
                             CmsPermissionSet permissions,
                             int flags)

Constructor to create a new access control entry on a given resource and a given principal.

Permissions are specified as permission set, flags as bitset.

Parameters:

resource - the resource

principal - the id of a principal (user or group)

permissions - the set of allowed and denied permissions as permission set

flags - additional flags of the access control entry

CmsAccessControlEntry

public CmsAccessControlEntry(CmsUUID resource,
                             CmsUUID principal,
                             int allowed,
                             int denied,
                             int flags)

Constructor to create a new access control entry on a given resource and a given principal.

Permissions and flags are specified as bitsets.

Parameters:

resource - the resource

principal - the id of a principal (user or group)

allowed - the set of allowed permissions

denied - set set of explicitly denied permissions

flags - additional flags of the access control entry

See Also:

CmsPermissionSet

CmsAccessControlEntry

public CmsAccessControlEntry(CmsUUID resource,
                             CmsUUID principal,
                             java.lang.String acPermissionString)

Constructor to create a new access control entry on a given resource and a given principal.

Permission and flags are specified as string of the format {{+|-}{r|w|v|c|i}}*

Parameters:

resource - the resource

principal - the id of a principal (user or group)

acPermissionString - allowed and denied permissions and also flags

Method Detail

denyPermissions

public void denyPermissions(int denied)

Sets the explicitly denied permissions in the access control entry.

Parameters:

denied - the denied permissions as bitset

equals

public boolean equals(java.lang.Object obj)

Overrides:

equals in class java.lang.Object

See Also:

Object.equals(java.lang.Object)

getAllowedPermissions

public int getAllowedPermissions()

Returns the currently allowed permissions as bitset.

Returns:

the allowed permissions

getDeniedPermissions

public int getDeniedPermissions()

Returns the currently denied permissions as bitset.

Returns:

the denied permissions

getFlags

public int getFlags()

Returns the current flags of the access control entry.

Returns:

bitset with flag values

getInheritingString

public java.lang.String getInheritingString()

Returns the string representation of the "inherit" flag.

Returns:

string of the format {{+|-}i}*

getPermissions

public CmsPermissionSet getPermissions()

Returns the current permission set (both allowed and denied permissions).

Returns:

the set of permissions

getPrincipal

public CmsUUID getPrincipal()

Returns the principal assigned with this access control entry.

Returns:

the principal

getResource

public CmsUUID getResource()

Returns the resource assigned with this access control entry.

Returns:

the resource

getResponsibleString

public java.lang.String getResponsibleString()

Returns the string representation of the "responsible" flag.

Returns:

string of the format {{+|-}l}*

grantPermissions

public void grantPermissions(int allowed)

Sets the allowed permissions in the access control entry.

Parameters:

allowed - the allowed permissions as bitset

hashCode

public int hashCode()

Overrides:

hashCode in class java.lang.Object

See Also:

Object.hashCode()

isAllOthers

public boolean isAllOthers()

Checks if the ACCESS_FLAGS_ALLOTHERS flag is set.

Returns:

true if the ACCESS_FLAGS_ALLOTHERS flag is set

isInherited

public boolean isInherited()

Returns if this access control entry has the inherited flag set.

Note: to check if an access control entry is inherited, also the resource id and the id of the current resource must be different.

Returns:

true, if the inherited flag is set

isInheriting

public boolean isInheriting()

Returns if this ace is being inherited to the folder subresources.

Returns:

true, if this ace is being inherited to the folder subresources

isOverwriteAll

public boolean isOverwriteAll()

Checks if the ACCESS_FLAGS_OVERWRITE_ALL flag is set.

Returns:

true if the ACCESS_FLAGS_OVERWRITE_ALL flag is set

isResponsible

public boolean isResponsible()

Returns if the principal is responsible for the current resource.

Returns:

true ,if the principal is responsible for the current resource

resetFlags

public void resetFlags(int flags)

Resets the given flags in the access control entry.

Parameters:

flags - bitset with flag values to reset

setFlags

public void setFlags(int flags)

Sets the given flags in the access control entry.

Parameters:

flags - bitset with flag values to set

setFlagsForPrincipal

public void setFlagsForPrincipal(I_CmsPrincipal principal)

Sets the access flags to identify the given principal type.

Parameters:

principal - the principal to set the flags for

setPermissions

public void setPermissions(CmsPermissionSet permissions)

Sets the allowed and denied permissions of the access control entry.

Parameters:

permissions - the set of permissions

toString

public java.lang.String toString()

Returns the String representation of this access control entry object.

Overrides:

toString in class java.lang.Object

See Also:

Object.toString()